Hey guys,
This seems so terribly easy, I feel ashamed to bring it to the forum. However, I was wondering what the best way of doing this would be.
In my current project, which is basically an intranet for a company, users can send email to an address with a certain note they'd like to submit. Every time someone goes to the admin page, these emails are all parsed and inserted into the database. However, I only want two email addresses to be allowed.
Here's my problem. So, I could easily create an array of these emails and then use in_array() or something similar. The problem with this is that the "From" field is often formatted in the following manner: "Joe Bloggs <joebloggs@mail.com>". So, checking against a list that contains joeblogs@mail.com would not work.
So, why not use some string search function like strstr()? Since the name in the from field is user defined, I could easily see a cracker using the following email address to get past this security measure: "joeblogs@mail.com <imahacker@twistedmorons.com>". This would easily pass the strstr command.
So, I'm stuck. Basically, is there any secure way to authenticate an email address?
Authenticate email address?
- The_Anomaly
- Forum Contributor
- Posts: 196
- Joined: Fri Aug 08, 2008 4:56 pm
- Location: Tirana, Albania
Re: Authenticate email address?
You could use a regular expression (albeit a complicated one) to match and check either form of email address. Alternatively if I understand you correctly you could just create a dropdown box with only the two emails you will allow as choices.
- novice4eva
- Forum Contributor
- Posts: 327
- Joined: Thu Mar 29, 2007 3:48 am
- Location: Nepal
Re: Authenticate email address?
I bet there is one for the email too... but this was a very interesting topic by matthijs about using filters:
viewtopic.php?f=34&t=92052&p=503956#p503956
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Re: Authenticate email address?
The trouble is that even the From header can be spoofed, so it really can't be trusted.
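An added example, not part of any post in this thread: the substring check from the question next to a check that extracts the one address inside the angle brackets and compares it exactly against the allowlist. The function names, the allowlist and the sample headers are constructed for illustration. As the last reply says, the header is chosen by the sender, so this fixes only the matching problem and does not prove who sent the message.

```php
<?php
// Added example. The allowlist and the sample headers are constructed values.
const ALLOWED_SENDERS = ['joebloggs@mail.com', 'notes-admin@mail.com'];

// Substring check from the question: matches text anywhere in the header.
function naiveAllowed(string $from): bool
{
    foreach (ALLOWED_SENDERS as $allowed) {
        if (strstr($from, $allowed) !== false) {
            return true;
        }
    }
    return false;
}

// Return the lowercased address of a single-mailbox From value, else null.
function senderAddress(string $from): ?string
{
    // Drop a leading quoted display name so its contents are never matched.
    $rest = preg_replace('/^"(?:[^"\\\\]|\\\\.)*"\s*/', '', trim($from));
    if ($rest === null) {
        return null; // regex engine error: fail closed
    }
    // "Name <addr>" form: only the text inside the single <...> pair counts.
    if (preg_match('/^[^<>]*<([^<>\s]+)>$/', $rest, $m)) {
        $rest = $m[1];
    }
    // Anything that is not one syntactically valid address is rejected.
    if (filter_var($rest, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return strtolower($rest); // mailbox names compared case-insensitively
}

function strictAllowed(string $from): bool
{
    $addr = senderAddress($from);
    return $addr !== null && in_array($addr, ALLOWED_SENDERS, true);
}

$samples = [
    'Joe Bloggs <joebloggs@mail.com>',
    'joebloggs@mail.com',
    'joebloggs@mail.com <imahacker@twistedmorons.com>',
    '"joebloggs@mail.com" <imahacker@twistedmorons.com>',
    'joebloggs@mail.com, imahacker@twistedmorons.com',
];
foreach ($samples as $from) {
    printf("%-52s naive=%s strict=%s\n", $from,
        var_export(naiveAllowed($from), true), var_export(strictAllowed($from), true));
}
```

The substring check accepts all five sample headers, while the strict check accepts only the first two.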